OpenACS

Extended the /acs-admin/posture-overview page to include known CVEs

for both the database client library and the database server in

use. Previously, the overview displayed privacy and privilege analyses

and flagged vulnerable JavaScript libraries; it now also surfaces

database‐related vulnerabilities.

* Leverage the NaviServer–nsdbpg API to fetch and display client‐ and

 server‐side version numbers

* Drive this feature via a database‐agnostic interface—only the nsdbpg

 driver currently returns versions, but support for other databases

 can be added by updating their drivers (no NaviServer core changes

 required)

To use this new feature, use the latest NaviServer and nsdbpg releases.

Otherwise, the section "Database Vulnerability Check" won't appear.

Show less